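---
# Dovecot tasks: build the effective config, install packages, create the
# service accounts and directories, render configuration and sieve scripts,
# publish DNS and certificates, register backups and start the service.
#
# NOTE(review): this file was reconstructed from a listing whose line breaks
# and indentation were lost. Task names, keys and values are unchanged; the
# nesting of role variables is marked below where it had to be inferred.

# User-supplied dovecot_config overrides dovecot_default_config key by key
# (recursive combine); either variable may be undefined.
- name: set dovecot_cfg
  set_fact:
    dovecot_cfg: "{{ dovecot_default_config | d({}) | combine(dovecot_config | d({}), recursive=true) }}"

- name: install dovecot
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - dovecot
      - dovecot-lmtpd
      - dovecot-openrc
      - dovecot-pgsql
      - dovecot-pigeonhole-plugin

# Three separate accounts are created: the service user, the mail-storage
# user and the "null" user (created without an explicit group).
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ dovecot_user }}"
      group: "{{ dovecot_group }}"

- name: create dovemail user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ dovecot_mail_user }}"
      group: "{{ dovecot_mail_group }}"

- name: create dovenull user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ dovecot_null_user }}"

# File modes are quoted throughout so they reach the module as octal strings
# and never depend on how the YAML loader types a bare number.
- name: create dovecot conf dir
  file:
    path: "{{ dovecot_conf_dir }}"
    state: directory
    mode: '0755'
    owner: "{{ dovecot_user }}"
    group: "{{ dovecot_group }}"

# 0700 keeps key material unreadable to other local accounts. Owner and group
# are not set here, so the module leaves them as they are (a newly created
# directory belongs to the account the task runs as).
- name: create dovecot tls dir
  file:
    path: "{{ dovecot_tls_dir }}"
    state: directory
    mode: '0700'

# setgid on the directory so new entries inherit the mail group; all access
# for "other" is removed.
- name: create dovecot mail dir
  file:
    path: "{{ dovecot_mail_dir }}"
    state: directory
    mode: "g+s,o-rwx"
    owner: "{{ dovecot_mail_user }}"
    group: "{{ dovecot_mail_group }}"

- name: create dovecot sieve dir
  file:
    path: "{{ dovecot_sieve_dir }}"
    state: directory
    mode: '0755'
    owner: "{{ dovecot_mail_user }}"
    group: "{{ dovecot_mail_group }}"

# NOTE(review): `notify` is placed inside dh_params by analogy with the
# `common.notify` value passed to the certs role further down; the flattened
# listing does not show whether it was a task-level keyword instead. Confirm
# against the ca role's interface.
- name: generate dh params
  include_role:
    name: ca
  vars:
    function: dhparams
    dh_params:
      path: "{{ dovecot_tls_dh2048 }}"
      mode: '0400'
      remote_gen: true
      notify: restart dovecot

# Drop packaged files that this role does not manage, so only the files
# templated below remain in the configuration directory.
- name: remove unneeded dovecot files
  file:
    path: "{{ dovecot_conf_dir ~ '/' ~ item }}"
    state: absent
  loop:
    - conf.d
    - dovecot-dict-auth.conf.ext
    - dovecot-oauth2.conf.ext
    - dovecot-openssl.cnf
    - users
  notify: restart dovecot

- name: get dovemail user info
  getent:
    database: passwd
    key: "{{ dovecot_mail_user }}"
  changed_when: false

# getent_passwd[<user>] holds the passwd fields after the name; index 1 is
# the numeric UID.
- name: set dovemail uid
  set_fact:
    dovecot_dovemail_uid: "{{ getent_passwd[dovecot_mail_user][1] }}"

# Loop items are either a bare name (rendered from <name>.j2 to
# <name>.conf.ext) or a mapping with explicit src/dest and optional mode.
# The default mode is 0400. No owner is set in this task; the next task
# assigns one to the plugin files.
# NOTE(review): dovecot-dict-sql.conf.ext is written 0444 (world-readable).
# If its template holds a database connect string with credentials, tighten
# the mode to what the reading process actually needs; confirm.
- name: template dovecot configuration
  template:
    src: "{{ item if item is string else item.src }}.j2"
    dest: "{{ dovecot_conf_dir ~ '/' ~ ((item ~ '.conf.ext') if item is string else item.dest) }}"
    force: true
    mode: "{{ '0400' if (item is string) else (item.mode | d('0400')) }}"
    lstrip_blocks: true
  loop:
    - src: dovecot-dict-sql
      dest: dovecot-dict-sql.conf.ext
      mode: '0444'
    - dovecot-sql
    - dovecot-trash
    - src: dovecot-acl
      dest: dovecot.acl
    - src: dovecot
      dest: dovecot.conf
  notify: restart dovecot

# Hand the plugin files to the mail user. dovecot.conf is not in this list
# and keeps the ownership it received from the template task.
- name: edit permissions of dovecot plugin files
  file:
    path: "{{ dovecot_conf_dir ~ '/' ~ item }}"
    state: file
    owner: "{{ dovecot_mail_user }}"
    group: "{{ dovecot_mail_group }}"
  loop:
    - dovecot.acl
    - dovecot-sql.conf.ext
    - dovecot-trash.conf.ext
    - dovecot-dict-sql.conf.ext
  notify: restart dovecot

- name: template sieve scripts
  template:
    src: "{{ item.src }}.j2"
    dest: "{{ dovecot_sieve_dir ~ '/' ~ item.dest ~ '.sieve' }}"
    force: true
    mode: '0400'
    owner: "{{ dovecot_mail_user }}"
    group: "{{ dovecot_mail_group }}"
  loop: "{{ dovecot_sieve_scripts | d([]) }}"
  register: result

# Run sievec through the command module with an argv list: the directory is
# passed as a single argument and no shell parses it, so the `quote` filter
# the shell form relied on is no longer needed.
- name: compile scripts
  command:
    argv:
      - sievec
      - "{{ dovecot_sieve_dir ~ '/' }}"
  when: result.changed
  notify: restart dovecot

# Compiled binaries are created by the account that ran sievec; collect them
# so the next task can reset mode and ownership.
- name: collect svbin files
  find:
    paths: "{{ dovecot_sieve_dir }}/"
    patterns: "*.svbin"
    recurse: true
    depth: 3
  register: svbin_files

- name: change svbin permissions
  file:
    path: "{{ item.path }}"
    mode: '0400'
    owner: "{{ dovecot_mail_user }}"
    group: "{{ dovecot_mail_group }}"
  loop: "{{ svbin_files.files | d([]) | flatten(levels=1) }}"
  notify: restart dovecot

- name: add extra cname record
  include_role:
    name: ns
  vars:
    function: add_records
    ns_add_default_record: false
    ns_records:
      - name: "{{ mail_server.mua_actual_hostname }}"
        type: CNAME
        value: "{{ host_fqdn }}"
  when: mail_server.mua_actual_hostname is defined

# NOTE(review): `notify` and `hostname` are nested under `common` here; the
# flattened listing does not show whether they belong to `common` or sit
# beside it under `vars`. Confirm against the certs role's interface.
# NOTE(review): `hostname` reads mail_server.mua_actual_hostname without the
# `is defined` guard used by the CNAME task above; confirm the certs role
# copes when that value is not set.
- name: deploy certs
  include_role:
    name: certs
  vars:
    common:
      owner: root
      group: root
      post_hook: service dovecot restart
      notify: restart dovecot
      hostname: "{{ mail_server.mua_actual_hostname }}"
    certs:
      - cert: "{{ dovecot_tls_int_ecc384_cert }}"
        key: "{{ dovecot_tls_int_ecc384_key }}"
        ecc: true
      - cert: "{{ dovecot_tls_int_rsa2048_cert }}"
        key: "{{ dovecot_tls_int_rsa2048_key }}"
        ecc: false

# Run any pending "restart dovecot" now, before backups are registered and
# the service is enabled.
- name: flush handlers
  meta: flush_handlers

# The TLS directory is part of the backup set, so the backup destination
# receives private keys and must be protected accordingly.
- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ dovecot_conf_dir }}"
      - "{{ dovecot_tls_dir }}"
      - "{{ dovecot_sieve_dir }}"
      - "{{ dovecot_script_dir }}"

# Mail storage is backed up only when dovecot_backup_mail_dir is set to true.
- name: add mail dir to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ dovecot_mail_dir }}"
  when: dovecot_backup_mail_dir | d(false) == true

- name: enable and start dovecot
  service:
    name: dovecot
    enabled: true
    state: started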